[DEVELOPER] Developer tools

Question 1

What is the primary purpose of AWS CodeCommit?

Answer 1

It is a fully managed, secure Git repository service used for storing source code and is the trigger for AWS CodePipeline workflows.

Question 2

How do users authenticate to CodeCommit?

Answer 2

They use IAM credentials (for HTTPS) or SSH keys that are mapped to an IAM user, ensuring access control is managed via IAM policies.

Question 3

What AWS service is typically used to automatically run a build, test, and package application code stored in CodeCommit?

Answer 3

AWS CodeBuild

Question 4

How can you automate actions (like running tests or sending notifications) when a pull request is created or code is pushed to CodeCommit?

Answer 4

Use Amazon EventBridge to detect CodeCommit repository events and trigger targets like AWS Lambda or AWS CodePipeline.

Question 5

What is the best practice for giving a developer granular access (e.g., only allowing read/write on a specific branch) to a CodeCommit repository?

Answer 5

Use IAM policies with CodeCommit condition keys (e.g., codecommit:References) to restrict access based on branch name patterns.

Question 6

If you want to require two approvals before code can be merged into the main branch, what CodeCommit feature should you configure?

Answer 6

Pull Request Approvals combined with a Branch Protection Rule

Question 7

What is the primary function of AWS CodeBuild?

Answer 7

A fully managed continuous integration service that compiles source code, runs tests, and produces ready-to-deploy software packages (artifacts).

Question 8

What is the build configuration file for CodeBuild, and where is it located?

Answer 8

It is called buildspec.yml, and it must be located in the root directory of your source code repository (e.g., CodeCommit, S3, or GitHub).

Question 9

What are the four main phases in a CodeBuild buildspec.yml file?

Answer 9

1. install (Install dependencies/tools),
2. pre_build (Preparation commands),
3. build (Actual build commands),
4. post_build (Cleanup, testing, notifications).

Question 10

Where does CodeBuild store the final packaged application (artifacts) by default?

Answer 10

In an Amazon S3 bucket. The artifacts section of the buildspec.yml defines which files are packaged and uploaded.

Question 11

How can you securely pass secrets like API keys or database credentials to a CodeBuild job?

Answer 11

By storing them in AWS Secrets Manager or AWS Systems Manager Parameter Store (SecureString), and referencing them in the CodeBuild environment variable settings.

Question 12

What are the two types of compute environments for CodeBuild?

Answer 12

1. Managed (AWS-owned) compute
2. Self-Managed compute using VPC resources (e.g., if you need access to resources in your VPC like an RDS database).

Question 13

If a build needs more processing power or memory, how can you scale CodeBuild?

Answer 13

By choosing a larger Compute Type (e.g., BUILD_GENERAL1_LARGE or BUILD_GENERAL1_2XLARGE) during project configuration.

Question 14

What happens if an AWS CodeBuild project fails?

Answer 14

The entire build process immediately stops, and the logs are sent to Amazon CloudWatch Logs for debugging. The failure stops the upstream CodePipeline process.